A slew of Firefox users has fallen victim to a bogus add-on that was masquerading as a legitimate extension of a cryptocurrency hardware wallet called SafePal, Bleeping Computer reports.
One of the victims, who goes by the name of Cali, was shocked to discover that all of the funds went into the hands of scammers:
I was deep in shock...I saw my last transactions and saw that [$4,000 of my funds] were transferred to another wallet. I could not believe it [was an] add-on that is deployed in the add-on list of Mozilla Firefox.
Ethereum (ETH) Bull Market Over? Shiba Inu (SHIB) Risks Adding Zero Rocket, XRP's Last Level Before $2Peter Brandt Predicts $500K Bitcoin, 1.7 Billion XRP Accumulated at Make-or-Break Level, 10 Trillion Shiba Inu Massive Comeback — Crypto News DigestRipple’s $606 Million XRP Transfer Sparks Hopes of Price ReversalTom Lee Climbs to #2 in Corporate Crypto Race. Is Saylor Safe?
It is unclear how many other Firefox users were deprived of their funds after downloading the malicious extension. The add-on was operational since mid-February before it was removed just recently.
A bunch of negative reviews from disgruntled users should have been a warning sign.
The user who was scammed by bad actors claims that the police are not capable of tracing the hacker.
Potential victims are tricked into entering their recovery phrases, making it extremely easy for hackers to pilfer their holdings.
What's more, the phishing domain associated with the fraudulent add-on is still live.
Hacks and scams remain prevalent in the cryptocurrency industry. As reported by U.Today, Bitcoin.org, the very first Bitcoin website that was registered by Satoshi Nakamoto, suffered a security breach four days ago.
Earlier this month, a fake YouTube stream of Apple's annual event promoting a Bitcoin giveaway reached roughly 170,000 viewers before it was shut down.
Dan Burgin
Vladislav Sopov
U.Today Editorial Team